Your privacy is very important to us. This notice (this “Privacy Notice”) is provided by CDAM (UK) Limited (“CDAM”) and sets forth CDAM’s policies for the collection, use, storage, sharing, disclosure (collectively, “processing”) and protection of personal data relating to CDAM’s current, prospective and former clients.
This Privacy Notice is being provided in accordance with the requirements of data privacy laws, including the EU General Data Protection Regulation 2016/679 (“GDPR”), the U.S. Gramm-LeachBliley Act of 1999, as amended, and any other law relating to privacy or the processing of personal data and any statutory instrument, order, rule or regulation implemented thereunder, each as applicable to CDAM (collectively, “Data Protection Law”). References to “you” or an “investor” in this Privacy Notice mean any investor who is an individual, or any individual connected with an investor who is a legal person (each such individual, a “data subject”), as applicable.
The types of personal data we may collect and use
The types of personal data we may collect and use The categories of personal data we may collect include names, residential addresses or other contact details, signature, nationality, place of birth, tax identification number, social security number, date of birth, place of birth, copies of identification documents, bank account details, information about assets or net worth, credit history, source of funds details, photographs as well as other sensitive information.
Using your personal data: the legal basis and purposes
We may process your personal data for the purposes of administering the relationship between you and us (including communications and reporting), direct marketing of our products and services, monitoring and analyzing our activities, and complying with applicable legal or regulatory requirements (including anti-money laundering, fraud prevention, tax reporting, sanctions compliance, or responding to requests for information from supervisory authorities with competent jurisdiction over our business). Your personal data will be processed in accordance with Data Protection Law and may be processed with your consent, upon your instruction, or for any of the purposes set out herein, including where we or a third-party consider there to be any other lawful purpose to do so. We also may receive your personal information from third parties or other sources, such as our affiliates, the administrator (including any sub-administrator) of a fund/managed account or publicly accessible sources, such as the Internet.
How we may share your personal data
We may disclose information about you to our affiliates or third parties, including the administrator (and any sub-administrator), the brokers and the custodian(s) of a fund/managed account, for our everyday business purposes, such as to facilitate transactions, maintain your account(s) or respond to court orders and legal investigations. It may also be necessary, under anti-money laundering and similar laws, to disclose information about investors in order to accept subscriptions from them or to facilitate the establishment of trading relationships for a fund/managed account with executing brokers or other trading counterparties. We will also release information about you if you direct us to do so. We may share your information with our affiliates for direct marketing purposes, such as offers of products and services to you by us or our affiliates. You may prevent this type of sharing by contacting us as described below (see “Who to contact about this Privacy Notice”). We may also disclose information about your transactions and experiences with us to our affiliates for their everyday business purposes. If you are a new investor, we can begin sharing your information 30 days from the date we sent this Privacy Notice. When you are no longer our investor, we may continue to share your information as described in this Privacy Notice. We may disclose information you provide to us to companies that perform marketing services on our behalf, such as any placement agent retained by a fund.
Monitoring of communications
We may record and monitor telephone conversations and electronic communications with you for the purposes of: (i) ascertaining the details of instructions given, the terms on which any transaction was executed or any other relevant circumstances; (ii) ensuring compliance with our regulatory obligations; and/or (iii) detecting and preventing the commission of financial crime.
Retention periods and security measures
We will not retain personal data for longer than is necessary in relation to the purpose for which it is collected, subject to Data Protection Law. Personal data will be retained for the duration of your investment in a fund/managed account and for a minimum period of five to seven years after a redemption/withdrawal of an investment from a fund/managed account or liquidation of a fund/managed account. We may retain personal data for a longer period for the purpose of marketing our products and services or compliance with applicable law. From time to time, we will review the purpose for which personal data has been collected and decide whether to retain it or to delete if it no longer serves any purpose to us. To protect your personal information from unauthorized access and use, we apply organizational and technical security measures in accordance with Data Protection Law. These measures include computer safeguards and secured files and buildings. We will notify you of any material personal data breaches affecting you in accordance with the requirements of Data Protection Law.
Because of the international nature of a fund/investment management business, personal data may be transferred to countries outside the EEA (“Third Countries”), such as to jurisdictions where we conduct business or have a service provider, including countries that may not have the same level of data protection as that afforded by the Data Protection Law in the EEA. In such cases, we will process personal data (or procure that it be processed) in the Third Countries in accordance with the requirements of the Data Protection Law, which may include having appropriate contractual undertakings in legal agreements with service providers who process personal data on our behalf in such Third Countries.
Your rights under Data Protection Law
You have certain rights under GDPR in relation to our processing of your personal data and these are, generally: (i) the right to request access to your personal data; (ii) the right to request rectification of your personal data; (iii) the right to request erasure of your personal data (the “right to be forgotten”); (iv) the right to restrict our processing or use of personal data; (v) the right to object to our processing or use where we have considered this to be necessary for our legitimate interests (such as in the case of direct marketing activities); (vi) where relevant, the right to request the portability; (vii) where your consent to processing has been obtained, the right to withdraw your consent at any time; and (viii) the right to lodge a complaint with a supervisory authority. You should note that your right to be forgotten that applies in certain circumstances under GDPR is not likely to be available in respect of the personal data we hold, given the purpose for which we collect such data, as described above. You may contact us at any time to limit our sharing of your personal information. If you limit sharing for an account you hold jointly with someone else, your choices will apply to everyone on your account. U.S. state laws may give you additional rights to limit sharing.
Complaining to supervisory authorities
A complaint in respect of CDAM (UK) Limited may be made to the Information Commissioner’s Office in the United Kingdom.
Who to contact about this Privacy Notice
Please contact CDAM’s Data Controller George Chamberlain, COO, email@example.com, +44 207 183 0941 or by writing to the following address: CDAM (UK) Limited, 16 Clifford Street, London W1S 3RG, United Kingdom for any questions about this Privacy Notice or requests with regards to the personal data we hold.